Business Process Automation through 

Application Software 


Learning Objectives 


♦ To understand business applications and the basis for their classification; 

♦ To understand how to go about automation of critical business processes; 

♦ To identify the need for automation of information processing cycles; 

♦ To understand the need for adopting effective delivery channels based on user needs; 

♦ To understand functioning of Application Controls; and 

♦ To have an overview of the key Emerging Technologies and their usage. 


Task Statements 


♦ To identify various types of business applications according to their usage; 

♦ To identify critical business processes, which can be automated and assess the impact of 

business process automation; 

♦ To distinguish between computerized information processing and manual information 
processing; 

♦ To assess the impact of the choice of delivery channels on business decision making; 

♦ To assess the risk of having poor controls and areas where they are needed to be 

deployed; and 

♦ To identify opportunities for resource optimization using new technologies like 
Virtualization, Grid Computing and Cloud Computing. 


Knowledge Statements 


♦ Knowledge of various types of business applications that have been developed to 
automate business processes across varied industries; 

♦ Knowledge of the steps involved in business process automation, the applications that 
enable automation and the relevant controls; 

♦ Knowledge of different types of information processing cycles and the current trends; 
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♦ Knowledge of various types of delivery channels and how they impact business decision 
making; 

♦ Knowledge of various types of application controls, the functions they perform and the 
way they are deployed; and 

♦ Knowledge of the working of new technologies like Virtualization, Grid Computing and 
Cloud Computing. 


5.1 Introduction 

Information Technology (IT) is an exciting avenue where massive investments are being made 
and the impact on its deployment will not only affect the way enterprises operate and provide 
their services but it will also influence the way business will be done in the near future. IT will 
open out new vistas of commerce breaking all barriers and boundaries. This has made the 
concept of “Geography is History” as true. The rapid growth in communication technology 
making it faster and reliable coupled with its integration with IT has truly made the world today 
a global village making true the concept, “The Network is the Computer”. With network 
availability, there are really no barriers or boundaries. Any enterprise located in any remote 
corner can make their products or services available to anyone, anywhere at any time. 

The speed of automation of all activities, whether they be connected to business or not directly 
connected to business, has surprised the stakeholders of enterprises, who are affected by 
such computerization. The changing dynamics of business due to this automation has forced 
management to re-think their strategy to stay in business. Today the speed with which 
automation has occurred, the extent of automation and the dependency on automation for 
ensuring enterprise success is one of the key challenges for enterprises to survive and thrive 
in the global digital age. 

We find pervasiveness of automation in every aspect of our daily life whether it is personal or 
professional. The day starts with delivery of newspaper; the delivery boy has used Google 
maps to chart his/her path to our house. The milkman: AMUL, uses high degree of technology 
to ensure that we get the freshest milk. Next on the list is the vegetable vendor, which is now 
the nearby departmental stores selling vegetables using technology for all their key operations 
right from procurement to stock replenishment. The kids going to school find that their test 
scores are being emailed or sent by SMS to their parents. In higher educational institutions, if 
a student is absent, the system directly sends an automated SMS to parents of the child. 

In our professional work, we realize that our daily job has changed, due to use of technology. 
Now, few routine jobs are expected to be done by an employee but are taken care by 
automated systems. For example: attendance marking and tracking. Many office automation 
systems have reduced the manual jobs, as they can be easily done by computer systems. 
Indian citizens need not go to government offices to deposit taxes, or pay utility bills; 
everything has been made available online. Commercial establishments have all automated 


© The Institute of Chartered Accountants of India 







5.3 Information Technology 


their processes, like banks, share markets, insurance companies, etc. The level of automation 
has helped our country to progress faster and helped businesses to save costs. 

Governments at both Central and State level have embarked upon large IT enabled service 
programs to using e-governance model. Now, virtually every tax department in country is 
computerized. The level of computerization has now started trickling down to municipal 
corporations with many municipalities in India enabling citizens to pay municipal taxes online. 

The level of computerization and the acceptance of the same in the country has not only 
changed the way enterprise provide products and services but also it has changed the way 
people are performing regular tasks. For example, people are not reading books but reading 
e-books. People do not go to nearby mall to buy a product but buy the same online at the 
convenience of home/office and at any time during the day/night. The delivery channels have 
changed from physical to e-mode, by delivery of information or goods. 

However, the level of automation needs to be controlled considering the inherent risks of 
technology. This makes it imperative to implement the adequate level of appropriate controls 
during all stages of computer processing right from the data capture to the data storage 
phase. It is important to process the information effectively and efficiently and at the heart of 
this information processing is IT. Business value is derived by making information available to 
all stakeholders but also ensuring security of this information. 

New technologies are getting developed due to large scale computerization, decreasing costs 
of storing data and increasing speed of internet. Emerging technologies such as virtualization, 
grid computing and cloud delivery model are enabling technology revolution version 2. It is 
basically application of technology revolution version 1, where large scale networking created 
a huge network of computers called as Internet. 

5.2 Classification of Business Applications 

The meaning of Business Application can be best understood by dividing the set of words into 
their constituents. Business is defined as a person’s regular occupation or commercial 
activity, a person’s concern. Application, in terms of computers, is defined as a computer 
program to fulfill a particular purpose. Bringing together these definitions shall define the word 
Business Application as a computer program used to fulfill a person’s need for regular 
occupation or commercial activity. 

This means that business applications are software or set of software used by business 
people. The next step is to understand the business needs, which can be fulfilled through the 
software. These can be all activities to run business, like keeping track of inventory levels, 
checking for bank account balances, checking status of delivery of goods dispatched, and all 
other business activities. 

Business applications can be classified based on various usages they are put to as well as 
user’s understanding of the application. Atypical classification is shown in Table 5.2.1. 
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Table 5.2.1: Classification of Business Applications 


Types 

Nature of 
processing 

Source of 
application 

Size and 
Complexity of 
business 

Nature of 
Application 

Type 1 

Batch Processing 

Custom built 

Small business 

Accounting 

application 

Type II 

Online Processing 

Packaged 

software 

Medium 

business 

Cash 

Management 

Type III 

Real-time Processing 

Leased 

Large business 

Manufacturing 

Applications 

More types 

No 

Yes 

No 

Yes 

Students need to understand that business applications by their nature can vary 
numerously. While there are various models and categorizations of these business 
applications; the classifications are not consistent and the above categorization is a just a 
sample way of classifying them. Above list is only illustrative; students are expected to use 
their intelligence to add further items to above list. . 


Classification is an effort to categorize numerous types of business applications on a logical 
basis. Let us understand the basis of the above classification. 


5.2.1 Applications based on Nature of Processing 

This is the way an application updates data, say in batch processing, there is a time delay in 
occurrence and recording of transaction. On the other hand in online processing, the 
transactions are recorded at the moment they occur. An application that allows query 
handling/ responses to updates in system is classified as real time processing system. 

• Batch Processing: It is defined as a processing of large set of data in a specific way, 
automatically, without needing any user intervention. The data is first collected, during a 
work day, for example, and then batch-processed, so all the collected data is processed 
in one go. This could happen at the end of the work day, for example, when computing 
capacities are not needed for other tasks. It is possible to perform repetitive tasks on a 
large number of pieces of data rapidly without needing the user to monitor it. Batched 
jobs can take a long time to process. Batch processing is used in producing bills, stock 
control, producing monthly credit card statements, etc. 

• Online Processing: Data is processed immediately while it is entered, the user usually 
only has to wait a short time for a response. (Example: games, word processing, booking 
systems). Interactive or online processing requires a user to supply an input. Interactive 
or online processing enables the user to input data and get the results of the processing 
of that data immediately. 
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• Real-time Processing: Real time processing is a subset of interactive or online 
processing. Input is continuously, automatically acquired from sensors, for example, 
which is processed immediately in order to respond to the input in as little time as 
possible. After the system is finished responding, it reads the next set of input data 
immediately to process that. This system doesn't need a user to control it, it works 
automatically. Whenever there is a rapid reaction required due to some sort of change, 
real time processing can take action without the need of a user or long processing time 
beforehand. Real time processing is used in warning systems on aircraft, alarm systems 
in hazardous zones, burglar alarms etc. 

5.2.2 Applications based on Source of Application 

The name of category is self-explanatory, as it tells the source from where application has 

been bought. 

• Custom-built Application: Whether they are for one function or integrate processes 
across the company like an ERP - these are the easiest ones to customize. These 
applications can however be configured to meet a particular company’s requirements. 
Customization involves additional coding while configuration is based on settings which 
are inputted by the user. Example - Billing, Inventory, Attendance etc. 

• Packaged Software: These are the standard applications which are not free but are 
licensed. Customization to suit business requirements may or may not be allowed. For 
Example -Tally, Oracle 9i, etc. 

• Leased application: A new method for getting applications is being used today, i.e. 
leased applications, where user pays fixed rent for using the application for agreed 
terms. Many specialized vendors provide users with option to get their job done by 
paying monthly rent; this is referred to as outsourcing. 

5.2.3 Applications based on Size and Complexity of Business 

This classification is based on the users for whom the application has been developed. Here, the 

emphasis is on size and complexity of business process. This categorization is again important, as 

it denotes the basic purpose of any business application. 

• Small and Medium Enterprise (SME) business: The best software for small and 
medium businesses is software designed to help them to run their operations better, cut 
costs and replace paper processes. The most popular software packages include 
accounts, office productivity, email and communications, but nowadays, most business 
activities can be improved through desktop or web-based applications. 

• Large Business: When it comes to other sorts of business software, designed for the 
larger or more ambitious businesses, a business application being used by a large number 
of small business establishments in India may not be effective for large business 
organizations. The business tools that tend to be favored by larger businesses include 
CRM, for recording customer information and finding out trends in buying habits; and 
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sales force automation, which helpful for organizing and managing sales teams and 
leads. Business may also choose to use human resources software; business 
intelligence and dashboard tools; database management systems; and enterprise 
resource planning and supply chain management tools. 

However, these may not be for everyone and can add cost and complexity to small 
businesses’ IT systems. 

5.2.4 Business applications based on Nature of Application 

It is clear from the above discussion that the categorization can be extended based on an 
individual’s understanding and perception of application under review. A business application 
may also be classified based on business function it covers. For example - accounting 
applications, Office Management software, Compliance application, Customer relationship 
management, Decision making software, ERP software, Product lifecycle management, etc. 

♦ Accounting Applications: Accounting applications range from application software such 
as TALLY and wings to high-and applications such as SAP and Oracle Financials. These 
are used by business entities for the purpose of day-to-day transactions of accounting 
and generating financial information such as balance sheet, profit and loss account and 
cash flow statements. These are classified as accounting applications. 

♦ Office Management Software: These applications help entities to manage their office 
requirements like word processors (MS Word), electronic spreadsheets (MS Excel), 
presentation software (PowerPoint), file sharing systems, etc. The purpose is to 
automate the day-to-day office work and administration. 

♦ Compliance Applications: Enterprises need to comply with applicable laws and 
regulations. India has taken a long stride in adopting e-compliance for its citizens with 
government promoting e-filing of documents, e-payments taxes, e-storage of data, etc. 
This has raised the requirements for software which can help any entity achieve 
compliances. A separate class of business application are available that facilitate 
meeting the compliance requirements. 

♦ Customer Relationship Management Software: These are specialized applications 
catering to the need of organizations largely in FMCG (Fast-Moving Consumer 
Goods) categories. These entities need to interact with their customers and respond to 
them. The response may be in the form of service support or may lead to product 
innovation. These are sought by entities, which deal directly with consumers. 

♦ Management Support Software: These are applications catering to decision-making 
needs of the management. They may be further classified based on the level of 
management using them. For example, Management Information System are generally 
used by middle level manager’s for their decision making needs, on the other hand 
Decision Support Systems are used by top management for their information 
requirements. 
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♦ ERP Software: These applications called as Enterprise Resource Planning software, 
which are used by entities to manage resources optimally and to maximize the three Es 
i.e. Economy, Efficiency and Effectiveness of business operations. 

♦ Product Lifecycle Management Software: These business applications are used by 
enterprises that launch new products and are involved in development of new products. 
The recent trend in auto-sector in India reflects the growing importance and need of this 
type of software. Each month a new product is launched by auto companies in India, may 
it be two-wheeler or four-wheeler segment. The top management of all these companies 
often say that “the life cycle of auto products have significantly reduced”. 

♦ Logistics Management Software: For large logistics managing companies, these are 
key business applications. These companies need to keep track of products and people 
across the globe to check whether there are any discrepancies that need action. 

♦ Legal Management Software: In India, a lot of effort is being put to digitize the legal 
system. Government of India, is keen to reduce the pendency in courts. As this process 
goes on legal profession in India shall need such systems. There are big legal firms in 
India, which are already using such business applications. 

♦ Industry Specific Applications: These are industry specific applications focused on a 
specific industry sector. For example, software designed especially for Banking 
applications, Insurance applications, Automobile dealer system, billing systems for malls, 
Cinema ticketing software, Travel industry related software, etc. 

5.3 Business Process Automation 

Business Process Automation (BPA) is a strategy that is used to optimize and streamline 
the essential business processes, using the latest technology to automate the functions 
involved in carrying them out. The idea behind BPA is to allow the organizations to extract 
maximum benefit by using the available resources to their best advantage, while keeping the 
operational cost as low as possible. Doing so helps the enterprise to generate greater profits 
and achieve a level of stability that would be hard to realize without the use of automation. 

BPA capabilities range from automating a simple data-entry-manipulation task to building 
complex, automated financial management processes using existing applications. 

5.3.1 Objectives of BPA 

The success of any business process automation shall only be achieved when BPA ensures 
the following: 

♦ Confidentiality: To ensure that data is only available to persons who have right to see 
the same; 

♦ Integrity: To ensure that no un-authorized amendments can be made in the data; 

♦ Availability: To ensure that data is available when asked for; and 
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♦ Timeliness: To ensure that data is made available in at the right time. 

To ensure that all the above parameters are met, BPA needs to have appropriate internal 
controls put in place. A more detailed discussion follows in later sections of the chapter. 

5.3.2 Why BPA? 

BPA is the basic component of an enterprise-wide automation and management scheme for 
both business and IT workflow. With BPA, we can optimize and streamline our business 
processes by automating the process components. By improving the performance, accuracy 
and efficiency of the key business processes, the enterprise is made more efficient and 
responsive to customer and employee needs. Some benefits of pursuing such automation 
include the following: 

♦ Reducing the Impact of Human Error: BPA removes human participation in the 
process, which is the source of many errors. 

♦ Transforming Data into Information: BPA can, apart from collecting and storing data 
also analyze data and make it available in a form that is useful for decision-making. 

♦ Improving performance and process effectiveness: In many cases, tasks that must be 
done manually are the bottleneck in the process. Automating those manual tasks speeds 
up the effective throughput of the application. 

♦ Making users more efficient and effective: People can focus their energies on the 
tasks they do best, allowing the computers to handle those that machines are best suited 
for. 

♦ Making the business more responsive: Enterprises can easily automate new 
applications and processes as they are introduced that provide greater control over 
business and IT processes. 

♦ Improving Collaboration and Information Sharing: Business processes designed 
through a collaborative interface mean IT can integrate its processes with the business- 
side logic that drives day-to-day operations. 

♦ Cost Saving: Automation leads to saving in time and labor costs through higher 
efficiency and better management of the people involved; 

♦ To remain competitive: To provide the level of products and services as offered by 
competition. 

♦ Fast service to customers: Automation shortens cycle times in the execution of 
processes through improved and refined business workflows and help enterprises to 
serve their customers faster and better. 
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Case Study 


The following case study offers interesting insights on the benefit of BPA: 

Amazon Inc., the largest book shop on internet has achieved a quarterly turnover of over USD 
21 Billion for Q4 of year 2012. Compare the same to Barnes and Noble, one of the oldest book 
shops in US having a Q4 2012, turnover of around USD 2 Billion. The difference is of 10 times 
and is a reflection that automation is the key. Amazon allowed users to access books at a click 
of button, and with ease. The success of Amazon, was not only the availability of books on 
internet but also, its ability to streamline the delivery mechanism. There are lot of Indian 
companies which have used the same model and are achieving success, namely Flipkart and 
Snapdeal. In fact, these online retailers are now a serious threat to the business of shopping 
malls. 


5.3.3 How to go about BPA? 

The steps to go about implementing business process automation are depicted here in Fig. 
5.3.1. One important point to remember is that not all processes can be automated at a time. 
The best way to go about automation is to first understand the criticality of the business 
process to the enterprise. Let us discuss the key steps in detail. 

(i) Step 1: Define why we plan to implement a BPA? 

The primary purpose for which an enterprise implements automation may vary from enterprise 
to enterprise. A list of generic reasons for going for BPA may include any or combination of 
the following: 

♦ Errors in manual processes leading to higher costs. 

♦ Payment processes not streamlined, due to duplicate or late payments, missing early pay 
discounts, and losing revenue. 

♦ Paying for goods and services not received. 

♦ Poor debtor management leading to high invoice aging and poor cash flow. 

♦ Not being able to find documents quickly during an audit or lawsuit or not being able to 
find all documents. 

♦ Lengthy or incomplete new employee or new account on-boarding. 

♦ Unable to recruit and train new employees, but where employees are urgently required. 

♦ Lack of management understanding of business processes. 

♦ Poor customer service. 
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\ 

Step 1 : Define why we plan to 

• The answer to this question will provide justification for 

implement BPA? 

implementing BPA. 

y 

V J 


r A 

Step 2: Understand the rules/ regulation 

\ 

• The underlying issue is that any BPA created needs to 

under which it needs to comply with? 

comply with applicable laws and regulations. 

y 


/ ' 

Step 3: Document the process, we wish 
to automate. 

• The current processes which are planned to be automated 
need to be correctly and completely documented at this 
step. 

y 

c > 

Step 4: Define the objectives/goals to be 
achieved by implementing BPA. 
v > 

• This enables the developer and user to understand the 
reasons for going for BPA. The goals need to be precise 
and clear. 

y 

c > 

Step 5: Engage the business process 
consultant. 

y 

• Once the entity has been able to define the above, the entity 
needs to appoint an expert, who can implement it for the 
entity. 

f > 


Step 6: Calculate the Rol for project. 

V J 

' 

• The answer to this question can be used for convincing top 
management to say ‘yes’ to the BPA exercise. 

y 



f > 

Step 7: Development of BPA. 
v. > 

\ 

• Once the top management grant their approval, the right 
business solution has to be procured and implemented or 
developed and implemented covering the necessary BPA. 

y 

C \ 

Step 8: Testing the BPA. 

' 

• Before making the process live, the BPA solutions should be 
fully tested. 

y 

v > 



Fig. 5.3.1: Steps involved in Implementing Business Process Automation 


(ii) Step 2: Understand the rules / regulation under which enterprise needs to comply 
with? 

One of the most important steps in automating any business process is to understand the 
rules of engagement, which include following the rules, adhering to regulations and following 
document retention requirements. This governance is established by a combination of internal 
corporate policies, external industry regulations and local, state, and central laws. Regardless 
of the source, it is important to be aware of their existence and how they affect the documents 
that drive the processes. It is important to understand that laws may require documents to be 
retained for specified number of years and in a specified format. Entity needs to ensure that 
any BPA adheres to the requirements of law. 

(iii) Step 3: Document the process, we wish to automate 

At this step, all the documents that are currently being used need to be documented. The 
following aspects need to be kept in mind while documenting the present process: 
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♦ What documents need to be captured? 

♦ Where do they come from? 

♦ What format are they in: Paper, FAX, email, PDF etc.? 

♦ Who is involved in processing of the documents? 

♦ What is the impact of regulations on processing of these documents? 

♦ Can there be a better way to do the same job? 

♦ How are exceptions in the process handled? 

The benefit of the above process for user and entity being: 

♦ It provides clarity on the process. 

♦ It helps to determine the sources of inefficiency, bottlenecks, and problems. 

♦ It allows tore-design the process to focus on the desired result with workflow automation. 

An easy way to do this is to sketch the processes on a piece of paper, possibly in a flowchart 
format. Visio or even Word can be used to create flowcharts easily. 

It is important to understand that no automation shall benefit the entity, if the process being 
automated is error-prone. Investment in hardware, workflow software and professional 
services, would get wasted if the processes being automated are not made error-free. Use of 
technology needs to be made to realize the goal of accurate, complete and timely processing 
of data so as to provide right information to the right people safely and securely at optimum 
cost. 

(iv) Step 4: Define the objectives/goals to be achieved by implementing BPA 

Once the above steps have been completed, entity needs to determine the key objectives of 
the process improvement activities. When determining goals, remember that goals need to be 

SMART: 

♦ Specific: Clearly defined, 

♦ Measurable: Easily quantifiable in monetary terms, 

♦ Attainable: Achievable through best efforts, 

♦ Relevant: Entity must be in need of these, and 

♦ Timely: Achieved within a given time frame. 

For example, 

Case 1: For vendor’s offering early payment discounts, entity needs to consider: 

♦ How much could be saved if they were taken advantage of, and if the entity has got the 
cash flow to do so? 
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♦ Vendor priority can be created based on above calculations, for who gets paid sooner 
rather than later. 

Case 2: To determine the average invoice aging per customer. Entity can decide to reduce the 
average from 75 days to 60 days. This alone can dramatically improve cash flow. 

(v) Step 5: Engage the business process consultant 

This is again a critical step to achieve BPA. To decide as to which company/ consultant to 
partner with, depends upon the following: 

♦ Objectivity of consultant in understanding/evaluating entity situation. 

♦ Does the consultant have experience with entity business process? 

♦ Is the consultant experienced in resolving critical business issues? 

♦ Whether the consultant is capable of recommending and implementing a combination of 
hardware, software and services as appropriate to meeting enterprise BPA 
requirements? 

♦ Does the consultant have the required expertise to clearly articulate the business value 
of every aspect of the proposed solution? 

(vi) Step 6: Calculate the Rol for project 

The right stakeholders need to be engaged and involved to ensure that the benefits of BPA 
are clearly communicated and implementation becomes successful. Hence, the required 
business process owners have to be convinced so as to justify the benefits of BPA and get 
approval from senior management. A lot of meticulous effort would be required to convince the 
senior management about need to implement the right solution for BPA. The right business 
case has to be made covering technical and financial feasibility so as to justify and get 
approval for implementing the BPA. The best way to convince would be to generate a 
proposition that communicates to the stakeholders that BPA shall lead to not only cost savings 
for the enterprise but also improves efficiency and effectiveness of service offerings. 

Some of the methods for justification of a BPA proposal may include: 

♦ Cost Savings, being clearly computed and demonstrated. 

♦ How BPA could lead to reduction in required manpower leading to no new recruits need 
to be hired and how existing employees can be re-deployed or used for further 
expansion. 

♦ Savings in employee salary by not having to replace those due to attrition. 

♦ The cost of space regained from paper, file cabinets, reduced. 

♦ Eliminating fines to be paid by entity due to delays being avoided. 

♦ Reducing the cost of audits and lawsuits. 

♦ Taking advantage of early payment discounts and eliminating duplicate payments. 
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♦ Ensuring complete documentation for all new accounts. 

♦ New revenue generation opportunities. 

♦ Collecting accounts receivable faster and improving cash flow. 

♦ Building business by providing superior levels of customer service. 

♦ Charging for instant access to records (e.g. public information, student transcripts, 
medical records) 

The above can be very well presented to justify the proposal and convince management to go 
ahead with the project of BPA implementation as required for the enterprise. 

(vii) Step 7: Developing the BPA 

Once the requirements have been document, ROI has been computed and top management 
approval to go ahead has been received, the consultant develops the requisite BPA. The 
developed BPA needs to meet the objectives for which the same is being developed. 

(viii)Step 8: Testing the BPA 

Once developed, it is important to test the new process to determine how well it works and 
identify where additional “exception processing” steps need to be included. The process of 
testing is an iterative process, the objective being to remove all problems during this phase. 

Testing allows room for improvements prior to the official launch of the new process, 
increases user adoption and decreases resistance to change. Documenting the final version of 
the process will help to capture all of this hard work, thinking and experience which can be 
used to train new people. 

5.3.4 Case studies on Automation of Business Processes 

(i) Case 1: Automation of purchase order generation process, in a manufacturing entity 

Various steps of automation are given as follows: 

Step 1: Define why we plan to go for a BPA? 

The entity has been facing the problem of non-availability of critical raw material items which 
is leading to production stoppages and delay in delivery. Delay in delivery has already cost 
company in terms of losing customer and sales. 

Step 2: Understand the rules / regulation under which needs to comply with? 

The item is not covered by regulation, regarding quantity to be ordered or stored. To keep cost 
at minimum entity has calculated economic order quantity for which orders are placed. 

Step 3: Document the process, we wish to automate. 

The present process is manual where the orders are received by purchase department from 
stores department. Stores department generates the order based on manual stock register, 
based on item’s re-order levels. The levels were decided five years back and stores records 
are not updated timely. 
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Step 4: Define the objectives/goals to be achieved by implementing BPA 

The objective behind the present exercise is to ensure that there are no production losses due 
to non-availability of critical items of inventory. This shall automatically ensure timely delivery 
of goods to customer. 

Step 5: Engage the business process consultant 

ABC Limited, a consultant of repute, has been engaged for the same. The consultant has prior 
experience and knowledge about entity’s business. 

Step 6: Calculate the ROI for project 

The opportunity loss for the project comes to around ? 100/- lakhs per year. The cost of 
implementing the whole BPA shall be around ? 50/- lakhs. It is expected that the opportunity 
loss after BPA shall reduce to ? 50 lakhs in year one, ? 25/- lakhs in later years for the next 
five years. 

For students: 

♦ Is the project worth going ahead? 

♦ What is the Rol, based on three years data? 

♦ What is the payback period? 

Step 7: Developing the BPA 

Once the top management says yes, the consultant develops the necessary BPA. The BPA is 
to generate purchase orders as soon as an item of inventory reaches its re-order level. To 
ensure accuracy, all data in the new system need to be checked and validated before being 
put the same into system: 

♦ Item’s inventory was physically counted before uploading to new system. 

♦ Item’s re-order levels were recalculated. 

♦ All items issued for consumption were timely updated in system. 

♦ All Purchase orders automatically generated are made available to Purchase manager at 
end of day for authorizations. 

Step 8: Testing the BPA 

Before making the process live, it should be thoroughly tested. 

(ii) Case 2: Automation of employee attendance 
Various steps of automation are given as follows: 

Step 1: Define why we plan to go for a BPA? 

The system of recording of attendance being followed is not generating confidence in 
employees about the accuracy. There have been complaints that salary payouts are not as per 
actual attendance. It has also created friction and differences between employees, as some 
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feels that other employees have been paid more or their salary has not been deducted for 
being absent. 

Step 2: Understand the rules/regulation under which needs to comply with? 

A number of regulations are applicable to employee attendance including Factories Act 1948, 
Payment of Wages Act 1936, State laws, etc. This is a compliance requirement and hence, 
any BPA needs to cater to these requirements. 

Step 3: Document the process, we wish to automate. 

The present system includes an attendance register and a register at the security gate. 
Employees are expected to put their signatures in attendance registers. The register at the 
gate is maintained by security staff, to mark when an employee has entered. There is always a 
dispute regarding the time when an employee has entered and what has been marked in the 
security register. The company policy specifies that an employee coming late by 30 minutes 
for two days in a month shall have a 14 day salary deduction. There are over-writing in 
attendance register, leading to heated arguments between human resource department staff 
and employees. As the time taken to arrive at the correct attendance is large, there is a delay 
in preparation of salary. The same has already lead to penal action against company by labor 
department of the state. 

Step 4: Define the objectives/goals to be achieved implementing BPA 

The objective for implementing BPA, being: 

♦ Correct recording of attendance. 

♦ Timely compilation of monthly attendance so that salary can be calculated and distributed 
on a timely basis. 

♦ To ensure compliance with statutes. 

Step 5: Engage the business process consultant 

XYZ Limited a consultant of repute has been engaged for the same. The consultant has prior 
experience and also knowledge about entity’s business. 

Step 6: Calculate the Rol for project 

The BPA may provide Tangible benefits in the form of reduced penalties and intangible 
benefits which may include: 

♦ Better employee motivation and morale, 

♦ Reduced difference between employees, 

♦ More focus on work rather than salary, and 

♦ Improved productivity. 

Step 7: Developing the BPA 

Implementing BPA includes would result in the following: 

♦ All employees would be given electronic identity cards. 
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♦ The cards would contain details about employees. 

♦ The attendance system would work in the following manner: 

• Software with card reading machine would be installed at the entry gate. 

• Whenever an employee enters or leaves the company, he/she needs to put the card 
in front of machine. 

• The card reading machine would be linked to the software which would record the 
attendance of the employee. 

• At the end of month the software would print attendance reports employee-wise. 
These reports would also point out how many days an employee has reported late 
in the month. 

• Based on this report monthly attendance is put in the system to generate the 
monthly salary. 

Step 8: Testing the BPA 

Before making the process live, it should be thoroughly tested. 

The above illustrations are of entities, which have gone for business process automation. 
There are thousands of processes across the world for which entity have gone for BPA and 
reaped numerous benefits. These include: 

♦ Tracking movement of goods, 

♦ Sales order processing, 

♦ Customer services departments, 

♦ Inventory management, 

♦ Employee Management System, and 

♦ Asset tracking systems. 

5.3.5 Applications that help entity to achieve BPA 

Many applications are available today that help enterprise to achieve business process 
automation. Few applications may be simpler; others may be more complex based on nature 
of process being considered. Some of them are mentioned below: 

♦ TALLY: It is an accounting application that helps entity to automate processes relating to 
accounting of transactions. It also helps to achieve automation of few processes in 
inventory management. The latest version has been upgraded to help user achieve TAX 
compliances also. It has features such as Remote Access Capabilities, Tax Audit and 
Statutory Compliance, Payroll, Excise for Manufacturers, Multilingual Support, VAT 
Composition Returns, TDS, VAT (Value Added Tax), Rapid Implementation, Real Time 
Processing, Dynamic Interactive Reports and Unique Drill-Down Facility, Unlimited 
Companies and Periods of Accounting. 
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♦ SAP R/3: It is ERP software, which allows an entity to integrate its business processes. 
ERP stands for Enterprise Resource Planning, which aims at better utilization of the 
resources and helps entity achieve better business performance. It has the features such 
as time management, reporting and analytics, budget monitoring, workflow approval, 
sales management, team management, leave management, travel management, 
recruitment management and demand planning. This is used by most of the large 
enterprises across the world and covers enterprise automation end-to-end. 

♦ MS Office Applications: These are various office automation systems made available 
by Microsoft Corporation which include MS Word, MS Excel, MS PowerPoint, MS 
Access, etc. Each of these software help to achieve automation of various tasks in the 
office. It has features such as customized ribbon, backstage view, built-in graphics 
toolset, enhanced security, excel spark lines, pivot for Excel, PowerPoint broadcast, 
Power Point compression, paste, preview and outlook conversation view. 

♦ Attendance Systems: Many attendance automation systems are available in the market. 
The application helps entity to automate the process of attendance tracking and report 
generation. It has features such as supervisor login access, holiday pay settings, labour 
distribution, employee scheduling and rounding, employee view time card, overtime 
settings, battery-backed employee database and optional door/gate access control. 

♦ Vehicle Tracking System: A lot of applications have been developed that allow entity to 
track their goods while in transit. Few applications are high end, allowing owner of goods 
to check the temperature of cold stored goods while in transit. It has features such as 
GPS based location, GPRS connection based real-time online data-logging and 
reporting, route accuracy on the fly while device is moving, real-time vehicle tracking, 
geo-fencing, SMS & e-mail notifications, over-the-air location query support, on-board 
memory to store location inputs during times when GPRS is not available or cellular 
coverage is absent. 

♦ Automated Toll Collection Systems: As India progresses through creation of the 
golden quadrilateral project, many toll booths have been built to collect tolls. Many toll 
booths allow users to buy pre-paid cards, where user need not stop in lane to pay toil 
charges, but just swipe / wave the card in front of a scanner. The system keeps the track 
of card and the number of time same has been swiped / waved. It has features such as 
real-time toll plaza surveillance system, automatic vehicle identification system (based on 
in-road sensors), license plate recognition, zoom capability on captured images, laser 
based toll audit systems, automated vehicle classification, transaction processing and 
violation enforcement. 

♦ Department Stores Systems: There has been huge development in the retail sector in 
India. The same has created a need to have systems to cater to the ever increasing need 
of Indian consumers. Two critical elements for managing departmental stores have been 
automated in India; they include the billing processes and inventory management. It has 
features such as point of sale, multi-channel operation, supplier database, products 
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database, purchase ordering, management reporting, multiple promotions, loyalty 
schemes, stock control and inventory management. 

♦ Travel Management Systems: Many business processes specific to this industry have 
been automated, including ticket booking for air, bus, train, hotel, etc. It has features 
such as streamlined foreign travel approval process, configurable to match enterprise's 
foreign travel program, build-in and manage travel policy compliance, ‘safe return’ 
process for people tracking, traveler portal for up to date information, secure traveler 
profile information, online retrieval of e-tickets, reservations, visas & inoculation records, 
management of entry visas & medical requirements, front, mid and back office tools on a 
single, and web based platform. 

♦ Educational Institute Management Systems: India probably produces maximum 
number of engineers, doctors, MBAs and CAs across the world. A lot of automation has 
been achieved, including student tracking and record keeping. ICAI, itself is a good 
example of this automation. A student based on his/her registration number can file many 
documents online including exam forms. It has features such as student’s registration, 
student’s admission, fee collection, student’s attendance, result management, result 
analysis, library management, HR management, staff attendance, payroll system, time- 
table management, financial accounting, assets management and MIS. 

♦ File Management System: With increasing inventory of office files and records, many office 
automation systems have been developed. These allow office records to be kept in soft copy 
and easy tracking of the same. It has features such as web access, search, Microsoft office 
integration, records management software, electronic forms (e-forms), calendar, document 
version control, document scanning and imaging, check documents out / check documents in, 
document “tagging” or metadata capture, virtual folders and document linking. 

♦ Other Systems: The banking systems, the railway reservations systems and stock 
exchange systems are good examples of business process automations achieved. 

5.4 Information Processing 

Data when processed to meet the needs of the users is called information. Computer can be 
used as an aid to process this data so as to provide information, which has meaning to the 
users. Information may be defined as processed data, which is of value to the user. 
Information is necessary for decision making and survival of an entity as success of business 
depends upon making right decisions at the right time on the basis of the right information 
available. The effort to create information from raw data is known as Information Processing. 

Classification of information is based on level of human/computer intervention, which is given 
as follows: 

(i) Manual Information Processing Cycle 

These are the systems where the level of manual intervention is very high. Say for example, 
valuation of exam papers, teaching, operations in operation theatres, ticket checking by 
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railway staff in trains, buying of grocery, billing done by small medical shops, people 
maintaining books manually, etc. 

Components of manual information processing cycle include: 

♦ Input: Put details in register. 

♦ Process: Summarize the information. 

♦ Output: Present information to management in the form of reports. 

A pictorial representation of the same is given in Fig. 5.4.1. As the level of human intervention 
is very high the quality of information generated from these systems is prone to flaws such as 
delayed information, inaccurate information, incomplete information and low levels of detail. 


Input 



Process 



Output 


Fig. 5.4.1: Manual Processing Cycle 


(ii) Computerized Information Processing Cycle 

These are systems where computers are used at every stage of transaction processing. The 
components of a computerized information processing cycle include: 

♦ Input: Entering data into the computer; 

♦ Processing: Performing operations on the data; 

♦ Storage: Saving data, programs, or output for future use; and 

♦ Output: Presenting the results. 

A pictorial representation of the same is given in Fig. 5.4.2. As the processing is computerized 
the quality of information generated from these systems is timely, accurate, fast and reliable. 



Fig. 5.4.2: Computerized Processing Cycle 

The world has been rapidly moving towards more and more automation. Traditional manual 
systems are being replaced by computerised systems. This change has impacted businesses 
majorly. Consumer attitude towards business is directed by the level of computerisation 
businesses have adopted. There is preference to reach to those people who are fast, accurate 
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and timely. The consumer behaviour has impacted the way businesses operate. The same is 
explained in the next section, which deals with delivery channels. 

5.5 Delivery Channels 

Delivery channels refer to the mode through which information or products are delivered to 
users. For example, 

♦ Delivery channels for information include: 

♦ Intranet: Network within the company/enterprise; 

♦ E-mail: The most widely used delivery channel for information today; 

♦ Internal newsletters and magazines; 

♦ Staff briefings, meetings and other face-to-face communications methods; 

♦ Notice boards in communal areas; 

♦ Manuals, guides and other printed resources; 

♦ Hand-held devices (PDAs, etc.); and 

♦ Social networking sites, like Facebook, WhatsApp, etc. 

♦ Delivery channels for products include: 

♦ Traditional models, brick and mortar type; 

♦ Buying from a shop; 

♦ Home delivery of products; 

♦ Buying from a departmental store; and 

♦ Buying online, getting home delivery and making cash payment on delivery. 

5.5.1 Importance 

Enterprises need to be aware of ‘what information is required for effective delivery of products 
or services’. It is important to have proper and accurate delivery channels for information or 
product distribution and to consider each of these channels while planning an overall 
information management and communications strategy. In practice, more than one of these 
delivery channels will be needed, with different channels used to reach specific user groups. 

5.5.2 Information Delivery Channel: How to choose one? 

When choosing appropriate delivery channels, consider the following suggestions: 

♦ More than just the Intranet: It is rarely sensible to have a goal of “increasing intranet 
usage”. Fundamentally, staff will (and should) use whichever methods are easiest and 
most efficient to obtain information. Any attempt to move staff usage to the intranet away 
from existing information sources will almost certainly fail, unless the intranet is easier 
than the current methods. 
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For example, it may be effective to put a notice on the notice board in a canteen (such as 
for field staff), rather than putting the same on intranet. 

♦ Understand staff needs & environment: Job roles and work environments will have a 
major impact upon the suitability of delivery channels. This includes which systems do 
staff use, their level of PC access, their amount of computer knowledge, and their 
geographic location. 

For example, there may only be a single PC in an enterprise and people working may have 
no time available in the day to access the intranet anyway. In this situation, the intranet would 
not be an effective delivery channel and face-to-face communication may be better. 

♦ Traditional Channel need to be formalized: Instead of attempting to eliminate existing 
information sources in favor of the intranet, it may be more beneficial to formalize the 
current practices. 

For example, staff may have key details pinned to the walls of their cubicles or work 
locations. The best outcome in this situation could be to organize monthly reprinting of 
these notes to ensure they are up-to-date. 

5.5.3 Product Delivery Channels: How to choose one? 

The way customer response is changing the way business operates. Online retailers are 
giving a run for money to physical mall owners. Customers while going for online shopping find 
wide range of products. The best part is that, a customer in a small town/village can have a 
shopping experience of a large store. 

The change is so drastic that physical brick and mortar sellers have to bring themselves on 
internet. The change is other way round also. Many online travel sites have opened brick and 
mortar office in cities and towns, to meet their customers. The key words are “convincing” and 
“capturing” the customer. So, any delivery channel shall work till it convinces customer. 

The customers have moved from purchase of physical books to e-books. This shift has forced 
business to strategize their delivery channels. 

5.6 Controls in BPA 

In today’s computerized information systems, most of the business processes are being 
automated. Enterprises are increasingly relying on IT for business information and transaction 
processing. The growth of e-commerce has been supported by the growth of the Internet. The 
same has completely changed the business processes. The innovations in IT components such as 
hardware, software, networking technology, communication technology and ever-increasing 
bandwidth are leading to evolution of completely new business models. 

All these new business models and new methods presume that the information required by 
business managers is available all the time and is accurate. However, there is a need to 
ensure that all information that is generated from system is accurate, complete and reliable for 
decision making, hence the requirement for proper controls. 
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Control is defined as policies, procedures, practices and organization structure that are 
designed to provide reasonable assurance that business objectives are achieved and 
undesired events are prevented or detected and corrected. 

5.6.1 Control Objectives 

Major control objectives are given as follows: 

♦ Authorization - ensures that all transactions are approved by responsible personnel in 
accordance with their specific or general authority before the transaction is recorded. 

♦ Completeness - ensures that no valid transactions have been omitted from the 
accounting records. 

♦ Accuracy - ensures that all valid transactions are accurate, consistent with the 
originating transaction data, and information is recorded in a timely manner. 

♦ Validity - ensures that all recorded transactions fairly represent the economic events that 
actually occurred, are lawful in nature, and have been executed in accordance with 
management's general authorization. 

♦ Physical Safeguards and Security - ensures that access to physical assets and 
information systems are controlled and properly restricted to authorized personnel. 

♦ Error Handling - ensures that errors detected at any stage of processing receive prompt 
corrective action and are reported to the appropriate level of management. 

♦ Segregation of Duties - ensures that duties are assigned to individuals in a manner that 
ensures that no one individual can control both the recording function and the procedures 
relative to processing a transaction. 

The controls are used to Prevent, Detect, or Correct unlawful events. An unlawful event can 
arise if unauthorized, inaccurate, incomplete, redundant, ineffective, or inefficient input enters 
the system. 

♦ Preventive Control: Those, which prevent occurrence of an error/fraud, say security 
guards 

♦ Detective Control: Those, which capture an error, say audit trail. 

♦ Corrective Control: Those, which correct an error or reduce the loss due to error/risk, 
say insurance policy. 

5.6.2 Information Systems’ Controls 

Usually auditors cannot examine and evaluate all the data processing carried out within an 
organization. They need guidelines that will direct them toward those aspects of the 
information systems function in which material losses or account misstatements are most 
likely to occur. Ultimately auditors must evaluate the reliability of controls; they need to 
understand the nature of controls. Controls reduce expected losses from unlawful events by - 
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(i) decreasing the probability of the event occurring in the first place, or 

(ii) limiting the losses that arise of the event occurs. 

There can be different aspects under which the study on the controls be discussed. However, 
to understand the controls relevant for information systems and their audit, we shall divide the 
study in two parts - Managerial controls and Application Controls. 

A. Managerial Controls: In this part, we shall examine controls over the managerial 
functions that must be performed to ensure the development, implementation, operation and 
maintenance of information systems in a planned and controlled manner in an organization. 
The controls at this level provide a stable infrastructure in which information systems can be 
built, operated, and maintained on a day-to-day basis as discussed in Table 5.6.1. 


Table 5.6.1: Types of Management Subsystem and their description* 


Management 

Subsystem 

Description of Subsystem 

Top Management 

Top management must ensure that information systems 
function is well managed. It is responsible primarily for long - 
run policy decisions on how Information Systems will be used 
in the organization. 

Information 

Systems 

Management 

IS management has overall responsibility for the planning and 
control of all information system activities. It also provides 
advice to top management in relation to long-run policy 
decision making and translates long-run policies into short-run 
goals and objectives. 

Systems 

Development 

Management 

Systems Development Management is responsible for the 
design, implementation, and maintenance of application 
systems. 

Programming 

Management 

It is responsible for programming new system; maintain old 
systems and providing general systems support software. 

Data Administration 

Data administration is responsible for addressing planning and 
control issues in relation to use of an organization’s data. 

Quality Assurance 
Management 

It is responsible for ensuring information systems development; 
implementation, operation, and maintenance conform to 
established quality standards. 


“Information Systems 
Education, Page No. 63 


Control and Audit”, Ron Weber, Third Impression 2009, Pearson 
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Security 

Administration 

It is responsible for access controls and physical security over 
the information systems function. 

Operations 

Management 

It is responsible for planning and control of the day-to-day 
operations of information systems. 


B. Application Controls: In the second part, we shall examine the application functions 
that need to be in place to accomplish reliable information processing. Refer to the Table 
5.6.2. 


Table 5.6.2: Types of Application Subsystem and their description* 


Application 

Subsystem 

Description of Subsystem 

Boundary 

Comprises the components that establish the interface between the 
user and the system. 

Input 

Comprises the components that capture, prepare, and enter 
commands and data into the system. 

Communication 

Comprises the components that transmit data among subsystems 
and systems. 

Processing 

Comprises the components that perform decision making, 
computation, classification, ordering, and summarization of data in 
the system. 

Output 

Comprises the components that retrieve and present data to users of 
the system. 

Database 

Comprises the components that define, add, access, modify, and 
delete data in the system. 


5.6.3 Managerial Functions Based Controls 

(i) Top Management and Information Systems Management Controls: The senior 

managers who take responsibility for IS function in an organization face many challenges. The 
major functions that a senior manager must perform are as follows: 

• Planning - determining the goals of the information systems function and the means of 
achieving these goals; 

• Organizing - gathering, allocating, and coordinating the resources needed to 
accomplish the goals; 


“Information Systems Control and Audit”, Ron Weber, Third Impression 2009, Pearson 
Education, Page No. 63 and 64 
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• Leading - motivating, guiding, and communicating with personnel; and 

• Controlling - comparing actual performance with planned performance as a basis for 
taking any corrective actions that are needed. 

Top management must prepare two types of information systems plans for the information 
systems function: a Strategic Plan and an Operational Plan. The Strategic Plan is the long- 
run plan covering, say, the next three to five years of operations whereas the Operational 
Plan is the short-plan covering, say, next one to three years of operations. Both the plans 
need to be reviewed regularly and updated as the need arises. The planning depends upon 
factors such as the importance of existing systems, the importance of proposed information 
systems, and the extent to which IT has been integrated into daily operations 

(ii) Systems Development Management Controls: Systems Development Management 
has responsibility for the functions concerned with analyzing, designing, building, 
implementing, and maintaining information systems. Three different types of audits may be 
conducted during system development process as discussed in the Table 5.6.3: 


Table 5.6.3: Different types of Audit during System Development Process 


Concurrent 

Audit 

Auditors are members of the system development team. They assist 
the team in improving the quality of systems development for the 
specific system they are building and implementing. 

Post- 

implementation 

Audit 

Auditors seek to help an organization learn from its experiences in the 
development of a specific application system. In addition, they might 
be evaluating whether the system needs to be scrapped, continued, or 
modified in some way. 

General Audit 

Auditors evaluate systems development controls overall. They seek to 
determine whether they can reduce the extent of substantive testing 
needed to form an audit opinion about management’s assertions 
relating to the financial statements for systems effectiveness and 
efficiency. 


(iii) Programming Management Controls: Program development and implementation is a 
major phase within the systems development life cycle. The primary objectives of this phase 
are to produce or acquire and to implement high-quality programs. The program development 
life cycle comprises six major phases - Planning; Design; Control; Coding; Testing; and 
Operation and Maintenance with Control phase running in parallel for all other phases as 
shown in the Table 5.6.4. The purpose of the control phase during software development or 
acquisition is to monitor progress against plan and to ensure software released for production 
use is authentic, accurate, and complete. 
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Table 5.6.4: Phases of Program Development Life Cycle 


Phase 

Controls 

Planning 

Techniques like Work Breakdown Structures (WBS), Gantt Charts and 
PERT (Program Evaluation and Review Technique) Charts can be 
used to monitor progress against plan. 

Design 

A systematic approach to program design, such as any of the 
structured design approaches or object-oriented design is adopted. 

Coding 

Programmers must choose a module implementation and integration 
strategy (like Top-down, bottom-up and Threads approach), a coding 
strategy (that follows the percepts of structured programming), and a 
documentation strategy (to ensure program code is easily readable and 
understandable). 

Testing 

Three types of testing can be undertaken: 

• Unit Testing - which focuses on individual program modules; 

• Integration Testing - Which focuses in groups of program 
modules; and 

• Whole-of-Program Testing - which focuses on whole program. 
These tests are to ensure that a developed or acquired program 
achieves its specified requirements. 

Operation 

and 

Maintenance 

Management establishes formal mechanisms to monitor the status of 
operational programs so maintenance needs can be identified on a 
timely basis. Three types of maintenance can be used - 
Repair maintenance - in which program errors are corrected; 

Adaptive Maintenance - in which the program is modified to meet 
changing user requirements; and 

Perfective Maintenance - in which the program is tuned to decrease the 
resource consumption. 


(iv) Data Resource Management Controls: Many organizations now recognize that data is 
a critical resource that must be managed properly and therefore, accordingly, centralized 
planning and control are implemented. For data to be managed better users must be able to 
share data, data must be available to users when it is needed, in the location where it is 
needed, and in the form in which it is needed. Further it must be possible to modify data fairly 
easily and the integrity of the data be preserved. If data repository system is used properly, it 
can enhance data and application system reliability. It must be controlled carefully, however, 
because the consequences are serious if the data definition is compromised or destroyed. 
Careful control should be exercised over the roles by appointing senior, trustworthy persons, 
separating duties to the extent possible and maintaining and monitoring logs of the data 
administrator’s and database administrator’s activities. 
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(v) Quality Assurance Management Controls: Organizations are increasingly producing 
safety-critical systems and users are becoming more demanding in terms of the quality of the 
software they employ to undertake their work. Organizations are undertaking more ambitious 
information systems projects that require more stringent quality requirements and are 
becoming more concerned about their liabilities if they produce and sell defective software. 

(vi) Security Management Controls: Information security administrators are responsible for 
ensuring that information systems assets are secure. Assets are secure when the expected 
losses that will occur over some time are at an acceptable level. Some of the major threats 
and to the security of information systems and their controls are as discussed in the Table 
5 . 6 . 5 : 


Table 5.6.5: Major threats and their control measures 


Threat 

Control 

Fire 

Well-designed, reliable fire-protection systems must be 
implemented. 

Water 

Facilities must be designed and sited to mitigate losses from 
water damage 

Energy Variations 

Voltage regulators, circuit breakers, and uninterruptible 
power supplies can be used. 

Structural Damage 

Facilities must be designed to withstand structural damage. 

Pollution 

Regular cleaning of facilities and equipment should occur. 

Unauthorized Intrusion 

Physical access controls can be used. 

Viruses and Worms 

Controls to prevent use of virus-infected programs and to 
close security loopholes that allow worms to propagate. 

Misuse of software, 
data and services 

Code of conduct to govern the actions of information systems 
employees. 

Hackers 

Strong, logical access controls to mitigate losses from the 
activities of hackers. 


(vii) Operations Management Controls: Operations management is responsible for the daily 
running of hardware and software facilities. Operations management typically performs 
controls over the functions like Computer Operations, Communications Network Control, Data 
Preparation and Entry, Production control, File Library; Documentation and Program Library; 
Help Desk/Technical support; Capacity Planning and Performance Monitoring and Outsourced 
Operations. Operations management control must continuously monitor the performance of 
the hardware/software platform to ensure that systems are executing efficiently, an acceptable 
response time or turnaround time is being achieved, and an acceptable level of uptime is 
occurring. 
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5.6.4 Application Functions Based Controls (Refer to the Fig. 5.6.1) 

(i) Boundary Controls: Controls in the boundary subsystem have three purposes - 

• to establish the identity and authenticity of would-be-users of a computer system; 

• to establish the identity and authenticity of computer-system resources that users 
wish to employ; and 

• to restrict the actions undertaken by users who obtain computer resources to a set 
of authorized actions. 

Some major types of controls exercised in the boundary subsystem are as follows: 

• Cryptographic Controls: These are designed to protect the privacy of data and to 
prevent unauthorized modifications of data. Cryptography achieves this goal by 
scrambling data into codes (cryptograms) so that it is meaningless to anyone who 
does not possess the authentication to access the respective system resource or 
file. 

• Access Controls : These controls restrict use of computer system resources to 
authorized users, limit the actions authorized users can taker with these 
resources, and ensure that users obtain only authentic computer system 
resources. In a shared resource environment, auditors should have two concerns 
- first, they need to determine how well any access control mechanism uses 
safeguards assets and preserves data integrity and secondly, given the 
capabilities of the access control mechanism that are available for any particular 
application system; auditors must determine whether the access controls chosen 
for that system suffice. An access control mechanism processes users’ requests 
for resources in three steps: 

• Identification : First users identify themselves to the mechanism, thereby 
indicating their intent to request system resources. 

• Authentication : It is a two way process wherein users must authenticate 
themselves, and the mechanism in turn must authenticate itself. That means, 
not only must the mechanism be sure it has a valid user, users must also be 
sure that they have a valid mechanism. 

• Authorization : Users must request specific resources and specify the 
actions they intend to take with the resources. 

User identification by an authentication mechanism with personal characteristics 
like name, birth date, employee code, function, designation or a combination of 
two or more of these can be used as a password boundary access control. 

• Personal Identification Numbers (PIN): The Personal Identification Number is 
similar to a password assigned to a user by an institution based on the user 
characteristics and encrypted using a cryptographic algorithm. The application 
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generates a random number stored in its database independent of user 
identification details or a customer selected number. 

• Digital Signatures : In computer system, Digital Signatures establish the 
authenticity of persons and prevent the denial of messages or contracts when 
data is exchanged electronically. 

• Plastic Cards: Plastic Cards are used to store information required in an 
authentication process. These cards that are used to identify a user need to go 
through procedural controls like application fora card, preparation of the card, issue 
of the card, use of the card and return of the card or card termination phases. 
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(ii) Input Controls: These are responsible for ensuring the accuracy and completeness of 
data that are input into an application system. Input controls are important since 
substantial time is spent on inputting data which involves human intervention and are 
therefore prone to errors and fraud. The type of data input method used in an information 
system affects asset safeguarding, data integrity, system effectiveness, and system 
efficiency objectives. If data is keyed into an information system via a terminal, high- 
quality screen design is important to minimizing input errors and to achieving effective 
and efficient input of data. 

• Source Document Control: From a control viewpoint, a well-designed source 
document reduces the likelihood of data recording errors, increases the speed with 
which data can be recorded and controls the work flow. Source Document Controls 
facilitates the data entry into a computer system and subsequent reference 
checking. 

• Data Coding Controls: Data Coding Controls are put in place to reduce user error 
during data feeding. 

• Batch Controls: These are put in place at locations where batch processing is 
being used. Batch processing is where there is a time gap between occurrence and 
recording of transactions, that is, transactions are not recorded at the time of 
occurrence but are accumulated and a set (based on number/ time) is processed. 

• Validation Controls: These validate the accuracy/ correctness of input data. Input 
Validation Controls are intended to detect errors in transaction data before the data 
are processed. 

(iii) Communication Controls : Components in the communication subsystem are 
responsible for transporting data among all the other subsystems within a system 
and for transporting data to or receiving data from another system. Three types of 
exposure arise in the communication subsystem. 

(a) As data is transported across a communication subsystem, it can be impaired 
through attenuation, delay distortion, and noise. 

(b) The hardware and software components in a communication subsystem can 
fail. 

(c) The communication subsystem can be subjected to passive or active 
subversive attacks. 

• Physical Component Controls : One way to reduce expected losses in the 
communication subsystem is to choose physical component that have 
characteristics that make them reliable and that incorporate features or 
provide controls that mitigate the possible effects of exposures. These 
controls involve Transmission Media - Bounded (Guided) Media or Unbounded 


© The Institute of Chartered Accountants of India 




5.31 Information Technology 


( Unguided ) Media; Communication Lines - Private (Leased) or Public; 
Modems; Port Protection Devices; Multiplexors and Concentrators. 

• Line Error Controls : Whenever data is transmitted over a communication line, 
it can be received in error because of attenuation, distortion, or noise that 
occurs on the line. Error Detection (using Parity Checking, Cyclic Redundancy 
Checks (CRC) and Loop Check) and Error Correction (using forward Error 
Correcting Codes and Backward Error Correction) are the two major 
approaches under Line Error Controls. 

• Flow Controls : These are needed because two nodes in a network can differ in 
terms of the rate at which they can send receive and process data. The 
simplest form of flow control is “Stop-and-Wait Flow Control" in which the 
sender transmits a frame of data only when the receiver is ready to accept the 
frame. 

• Link Controls : This involves two common protocols - HDLC (Higher Level 
Data Control) and SDLC (Synchronous Data Link Control); the study of these 
is beyond the scope of this book. 

• Topological Controls : A communication network topology specifies the 
location of nodes within a network, the ways in which these nodes will be 
linked, and the data transmission capabilities of the links between the nodes. 
Some of the four basic topologies include Bus, Ring, Star and Tree Topology. 

• Channel Access Controls : Two different nodes in a network can compete to 
use a communication channel. Whenever the possibility of contention for the 
channel exists, some type of channel access control technique must be used. 
These techniques fall into two classes - Polling methods and Contention 
methods . Polling techniques establish an order in which a node can gain 
access to channel capacity; whereas in Contention methods, nodes in a 
network must compete with each other to gain access to a channel. 

• Internetworking Controls : Internetworking is the process of connecting two or 
more communication networks together to allow the users of one network to 
communicate with the users of other networks. Three types of devices are 
used to connect sub-networks in an Internet: Bridge, Router and Gateway. 

(iv) Processing Controls: Data processing controls perform validation checks to identify 

errors during processing of data. They are required to ensure both the completeness and 

accuracy of the data being processed. However, adequate controls should be enforced 

through the front end application system also, to have consistency in the control process. 

Some of them are as follows: 

• Run-to-Run Totals: These help in verifying data that is subject to process through 
different stages. A specific record (probably the last record) can be used to maintain 
the control total. 
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• Reasonableness Verification: Two or more fields can be compared and cross 
verified to ensure their correctness. 

• Edit Checks: Edit checks similar to the data validation controls can also be used at 
the processing stage to verify accuracy and completeness of data. 

• Field Initialization: Data overflow can occur, if records are constantly added to a 
table or if fields are added to a record without initializing it, i.e., setting all values to 
zero before inserting the field or record. 

• Exception Reports: Exception reports are generated to identify errors in data 
processed. 

• Existence/Recovery Controls: The check-point/restart logs, facility is a short-term 
backup and recovery control that enables a system to be recovered if failure is 
temporary and localized. 

(v) Output Controls: Output controls ensure that the data delivered to users will be 
presented, formatted and delivered in a consistent and secured manner. Whatever the 
type of output, it should be ensured that the confidentiality and integrity of the output is 
maintained and that the output is consistent. Output controls have to be enforced both in 
a batch-processing environment as well as in an online environment. 

• Storage and Logging of Sensitive and Critical Forms: Pre-printed stationery 
should be stored securely to prevent unauthorized destruction or removal and 
usage. Only authorized persons should be allowed access to stationery supplies 
such as security forms, negotiable instruments etc. 

• Logging of Output Program Executions: When programs, used for output of data, 
are executed, they should be logged and monitored. 

• Controls over Printing: It should be ensured that unauthorized disclosure of 
information printed is prevented. 

• Report Distribution and Collection Controls: Distribution of reports should be 
made in a secure way to avoid unauthorized disclosure of data. A log should be 
maintained as to what reports were generated and to whom it was distributed. 

• Retention Controls: Retention controls consider the duration for which outputs 
should be retained before being destroyed. Consideration should be given to the 
type of medium on which the output is stored. 

• Existence/Recovery Controls: These controls are needed to recover output in the 
event that it is lost or destroyed. If the output is written to a spool of files or report 
files and has been kept, then recovery is easy and straight-forward. 

(vi) Database Controls: The database subsystem is responsible for defining, creating, modifying, 
deleting, and reading data in an information system. It maintains declarative data, relating to 
the static aspects of real-world objects and their associations, and procedural data, relating to 
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the dynamic aspects of real-world objects and their associations. Database Controls protect 
the integrity of a database when application software acts as an interface to interact between 
the user and the database. 

• Sequence Check Transaction and Master Files: Synchronization and the correct 
sequence of processing between the master file and transaction file is critical to 
maintain the integrity of updation, insertion or deletion of records in the master file 
with respect to the transaction records. If errors in this stage are overlooked, it leads 
to corruption of the critical data. 

• Ensure all records on files are processed: While processing the transaction file 
records mapped to the respective master file the end-of-file of the transaction file 
with respect to the end-of-file of the master file is to be ensured. 

• Process multiple transactions for a single record in the correct order: Multiple 
transactions can occur based on a single master record. For example, dispatch of a 
product to different distribution centers. The order in which transactions are 
processed against the product master record must be done based on a sorted 
transaction codes. 

5.7 Emerging Technologies 

Various emerging technologies/concepts are given in the following sections: 

5.7.1 Virtualization 

In computing, virtualization means to create a virtual version of a device or resource, 
such as a server, storage device, network or even an operating system where the 
framework divides the resource into one or more execution environments. Virtualization 
refers to technologies designed to provide a layer of abstraction between computer 
hardware systems and the software running on them. By providing a logical view of 
computing resources, rather than a physical view; virtualization allows its’ users to 
manipulate their systems’ operating systems into thinking that a group of servers is a 
single pool of computing resources and conversely, allows its users to run multiple 
operating systems simultaneously on a single machine. 

The core concept of Virtualization lies in Partitioning, which divides a single physical 
server into multiple logical servers. Once the physical server is divided, each logical 
server can run an operating system and applications independently. 

For example ■ Partitioning of a hard drive is considered virtualization because one drive 
is partitioned in a way to create two separate hard drives. Devices, applications and 
human users are able to interact with the virtual resource as if it were a real 
single logical resource. 
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Major applications of the concepts of the virtualization are given as follows: 

♦ Server Consolidation: Virtual machines are used to consolidate many physical servers 
into fewer servers, which in turn host virtual machines. Each physical server is reflected 
as a virtual machine "guest" residing on a virtual machine host system. This is also 
known as “Physical-to-Virtual” or 'P2V' transformation. 

♦ Disaster Recovery: Virtual machines can be used as "hot standby" environments for 
physical production servers. This changes the classical "backup-and-restore" philosophy, 
by providing backup images that can "boot" into live virtual machines, capable of taking 
overworkload fora production server experiencing an outage. 

♦ Testing and Training: Virtualization can give root access to a virtual machine. This can 
be very useful such as in kernel development and operating system courses. 

♦ Portable Applications: Portable applications are needed when running an application 
from a removable drive, without installing it on the system's main disk drive. Virtualization 
can be used to encapsulate the application with a redirection layer that stores temporary 
files, windows registry entries and other state information in the application's installation 
directory and not within the system's permanent file system. 

♦ Portable Workspaces: Recent technologies have used virtualization to create portable 
workspaces on devices like iPods and USB memory sticks. 

Some common types of Virtualization 

Hardware Virtualization ; Hardware Virtualization or Platform Virtualization refers to the 
creation of a virtual machine that acts like a real computer with an operating system. 
Software executed on these virtual machines is separated from the underlying hardware 
resources. For example, a computer that is running Microsoft Windows may host a 
virtual machine that looks like a computer with the Linux operating system; based 
software that can be run on the virtual machine. 

The basic idea of Hardware virtualization is to consolidate many small physical servers 
into one large physical server so that the processor can be used more effectively. The 
software that creates a virtual machine on the host hardware is called 
a hypervisor or Virtual Machine Manager. The hypervisor controls the processor, 
memory and other components by allowing several different operating systems to run 
on the same machine without the need for a source code. The operating system running 
on the machine will appear to have its own processor, memory and other components. 

Network Virtualization : Network virtualization is a method of combining the available 
resources in a network by splitting up the available bandwidth into channels, each of 
which is independent from the others, and each of which can be assigned (or 
reassigned) to a particular server or device in real time. This allows a large physical 
network to be provisioned into multiple smaller logical networks and conversely allows 
multiple physical LANs to be combined into a larger logical network. This behaviour 
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allows administrators to improve network traffic control, enterprise and security. 
Network virtualization involves platform virtualization, often combined with resource 
virtualization. 

Various equipment and software vendors offer network virtualization by combining any 
of the Network hardware such as switches and network interface cards (NICs); Network 
elements such as firewalls and load balancers; Networks such as virtual LANs (VLANs); 
Network storage devices; Network machine-to-machine elements such as 
telecommunications devices; Network mobile elements such as laptop computers, 
tablet computers, smart phones and Network media such as Ethernet and Fibre 
Channel. Network virtualization is intended to optimize network speed, reliability, 
flexibility, scalability, and security. 

Storage Virtualization : Storage virtualization is the apparent pooling of data from 
multiple storage devices, even different types of storage devices, into what appears to 
be a single device that is managed from a central console. Storage virtualization helps 
the storage administrator perform the tasks of backup, archiving, and recovery more 
easily - and in less time -- by disguising the actual complexity of a Storage Area 
Network (SAN). Administrators can implement virtualization with software applications 
or by using hardware and software hybrid appliances. The servers connected to the 
storage system aren’t aware of where the data really is. Storage virtualization is 
sometimes described as “abstracting the logical storage from the physical storage. 

5.7.2 Grid Computing 

Grid Computing is a computer network in which each computer's resources are shared 
with every other computer in the system, it is a distributed architecture of large 
numbers of computers connected to solve a complex problem, in the grid computing 
model, servers or personal computers run independent tasks and are loosely linked by 
the internet or low-speed networks. 

A typical Grid Model is shown in Fig. 5.7.1. 
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It is a special kind of distributed computing. In distributed computing, different 
computers within the same network share one or more resources. In the ideal grid 
computing system, every resource is shared, turning a computer network into a 
powerful supercomputer. With the right user interface, accessing a grid computing 
system would look no different than accessing a local machine's resources. Every 
authorized computer would have access to enormous processing power and storage 
capacity. 

(i) Benefits of Grid Computing 

• Making use of Underutilized Resources : In most organizations, there are large 
amounts of underutilized computing resources. In some organizations, even 
the server machines can often be relatively idle. Grid computing provides a 
framework for exploiting these underutilized resources and thus has the 
possibility of substantially increasing the efficiency of resource usage. Grid 
computing (more specifically, a data grid) can be used to aggregate this 
unused storage into a much larger virtual data store, possibly configured to 
achieve improved performance and reliability over that of any single machine. 

• Resource Balancing : For applications that are grid-enabled, the grid can offer 
a resource balancing effect by scheduling grid jobs on machines with low 
utilization. This feature of grid computing handles occasional peak loads of 
activity in parts of a larger organization. An unexpected peak can be routed to 
relatively idle machines in the grid; and if the grid is already fully utilized, the 
lowest priority work being performed on the grid can be temporarily 
suspended or even cancelled and performed again later to make room for the 
higher priority work. 

• Parallel CPU Capacity : The potential for usage of massive parallel CPU 
capacity is one of the most common visions and attractive features of a grid. 
A CPU-intensive grid application can be thought of as many smaller sub-jobs, 
each executing on a different machine in the grid. To the extent that these 
sub-jobs do not need to communicate with each other, the more scalable the 
application becomes. A perfectly scalable application will, for example, finish 
in one tenth of the time if it uses ten times the number of processors 

• Virtual resources and virtual organizations for collaboration : Another 
capability enabled by grid computing is to provide an environment for 
collaboration among a wider audience. The users of the grid can be organized 
dynamically into a number of virtual organizations, each with different policy 
requirements. These virtual organizations can share their resources such as 
data, specialized devices, software, services, licenses, and so on, collectively 
as a larger grid. These resources are virtualized to give them a more uniform 
interoperability among heterogeneous grid participants. The participants and 
users of the grid can be members of several real and virtual organizations. 
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The grid can help in enforcing security rules among them and implement 
policies, which can resolve priorities for both resources and users. 

• Access to additional resources : In addition to CPU and storage resources, a 
grid can provide access to other resources as well. For example, if a user 
needs to increase their total bandwidth to the Internet to implement a data 
mining search engine, the work can be split among grid machines that have 
independent connections to the Internet. In this way, total searching capability 
is multiplied, since each machine has a separate connection to the Internet. 
Some machines may have expensive licensed software installed that users 
require. Users’ jobs can be sent to such machines, more fully exploiting the 
software licenses. Some machines on the grid may have special devices. All 
of these will make the grid look like a large system with a collection of 
resources beyond what would be available on just one conventional machine. 

• Reliability : High-end conventional computing systems use expensive 
hardware to increase reliability. The machines also use duplicate processors 
in such a way that when they fail, one can be replaced without turning the 
other off. Power supplies and cooling systems are duplicated. The systems 
are operated on special power sources that can start generators if utility 
power is interrupted. All of this builds a reliable system, but at a great cost, 
due to the duplication of expensive components. 

• Management : The goal to virtualize the resources on the grid and more 
uniformly handle heterogeneous systems create new opportunities to better 
manage a larger, more distributed IT infrastructure. The grid offers 
management of priorities among different projects. Aggregating utilization 
data over a larger set of projects can enhance an organization’s ability to 
project future upgrade needs. When maintenance is required, grid work can be 
rerouted to other machines without crippling the projects involved. 

(ii) Types of Resources 

A grid is a collection of machines, sometimes referred to as nodes, resources, 
members, donors, clients, hosts and many other such terms. They all contribute 
any combination of resources to the grid as a whole. Some resources may be used 
by all users of the grid, while others may have specific restrictions. 

• Computation : The most common resource is Computing Cycles provided by 
the processors of the machines on the grid where processors can vary in 
speed, architecture, software platform, and other associated factors such as 
memory, storage, and connectivity. There are three primary ways to exploit 
the computation resources of a grid. 

o To run an existing application on an available machine on the grid rather 
than locally; 
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o To use an application designed to split its work in such a way that the 
separate parts can execute in parallel on different processors; and 

o To run an application, that needs to be executed many times, on many 
different machines in the grid. 

• Storage : The second most common resource used in a grid is Data Storage. A 
grid providing an integrated view of data storage is sometimes called a Data 
Grid. Each machine on the grid usually provides some quantity of storage for 
grid use, even if temporary. Storage can be memory attached to the processor 
or it can be secondary storage, using hard disk drives or other permanent 
storage media. More advanced file systems on a grid can automatically 
duplicate sets of data, to provide redundancy for increased reliability and 
increased performance. 

• Communications : Communications within the grid are important for sending 
jobs and their required data to points within the grid. The bandwidth available 
for such communications can often be a critical resource that can limit 
utilization of the grid. Redundant communication paths are sometimes needed 
to better handle potential network failures and excessive data traffic. In some 
cases, higher speed networks must be provided to meet the demands of jobs 
transferring larger amounts of data. 

• Software and Licenses : The grid may have software installed that may be too 
expensive to install on every grid machine. Some software licensing 
arrangements permit the software to be installed on all of the machines of a 
grid but may limit the number of installations that can be simultaneously used 
at any given instant. License management software keeps track of how many 
concurrent copies of the software are being used and prevents more than that 
number from executing at any given time. 

• Special equipment, capacities, architectures, and policies : Platforms on the 
grid will often have different architectures, operating systems, devices, 
capacities, and equipment. Each of these items represents a different kind of 
resource that the grid can use as criteria for assigning jobs to machines. For 
example, some machines may be designated to only be used for medical 
research. These would be identified as having a medical research attribute 
and the scheduler could be configured to only assign jobs that require 
machines of the medical research resource. 

(Hi) Using a Grid: User’s Perspective 

• Enrolling and installing Grid Software : A user may first have to enroll his 
machine as a donor on the grid and install the provided grid software on his 
own machine that may require authentication for security purposes. The user 
positively establishes his identity with a Certificate Authority who must take 
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steps to assure that the user is in fact who he claims to be. Once the user 
and/or machine are authenticated, the grid software is provided to the user for 
installing on his machine for the purposes of using the grid as well as 
donating to the grid. 

• Loci pi nci onto the grid : Most grid systems require the user to log on to a 
system using an ID that is enrolled in the grid. Once logged on, the user can 
query the grid and submit jobs. Some grid implementations permit some 
query functions if the user is not logged into the grid or even if the user is not 
enrolled in the grid. 

• Queries and submitting jobs : The user will usually perform some queries to 
check to see how busy the grid is, to see how his submitted jobs are 
progressing, and to look for resources on the grid. Grid systems usually 
provide command-line tools as well as graphical user interfaces (GUIs) for 
queries. Job submission usually consists of three parts, even if there is only 
one command required. 

o First, some input data and possibly the executable program or execution 
script file are sent to the machine to execute the job. 

o Second, the job is executed on the grid machine. The grid software 
running on the donating machine executes the program in a process on 
the user’s behalf. 

o Third, the results of the job are sent back to the submitter. 

• Data configuration : The data accessed by the grid jobs may simply be staged 
in and out by the grid system. However, depending on its size and the number 
of jobs, this can potentially add up to a large amount of data traffic. For 
example, if there will be a very large number of sub-jobs running on most of 
the grid systems for an application that will be repeatedly run, the data they 
use may be copied to each machine and reside until the next time the 
application runs. This is preferable to using a networked file system to share 
this data, because in such a file system, the data would be effectively moved 
from a central location every time the application is run. This type of analysis 
is necessary for large jobs to better utilize the grid and not create 
unnecessary bottlenecks. 

• Monitoring progress and recovery : The user can query the grid system to see 
how his application and its sub-jobs are progressing. When the number of 
sub-jobs becomes large, it becomes too difficult to list them all in a graphical 
window. Instead, there may simply be one large bar graph showing some 
averaged progress metric. It becomes more difficult for the user to tell if any 
particular sub-job is not running properly. A grid system, in conjunction with 
its job scheduler, often provides some degree of recovery for sub-jobs that 
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fail. A job may fail due to a Programming error, Hardware or power failure, 
Communications interruption, and Excessive slowness due to infinite loop or 
some other form of contention. 

• Reserving resources : To improve the quality of a service, the user may 
arrange to reserve a set of resources in advance for his exclusive or high- 
priority use. Such a reservation system can also be used in conjunction with 
planned hardware or software maintenance events, when the affected 
resource might not be available for grid use 

(iv) Using a Grid: An Administrative Perspective 

• Planning: The administrator should understand the organization’s 

requirements for the grid to better choose the grid technologies that satisfy 
grid’s requirements. One of the first considerations is the hardware available 
and how it is connected via a LAN or WAN. Next, an organization may want to 
add additional hardware to supplement the capabilities of the grid. 

o Security : Security is a much more important factor in planning and 
maintaining a grid where data sharing comprises the bulk of the activity. 
In a grid, the member machines are configured to execute programs 
rather than just move data. This makes an unsecured grid potentially 
fertile ground for viruses and Trojan horse programs. For this reason, it 
is important to understand the issues involved in authenticating users 
and providing proper authorization for specific operations. 

o Organization : It is important to understand how the departments in an 
organization interact, operate, and contribute to the whole. Often, there 
are barriers built between departments and projects to protect their 
resources in an effort to increase the probability of timely success. For 
example, a project that finds itself behind schedule and over budget may 
not be able to afford the resources required to solve the problem. A grid 
would give such projects an added measure of safety, providing an extra 
margin of resource. 

• Installation : First, the selected grid system must be installed on an 
appropriately configured set of machines. These machines should be 
connected using networks with sufficient bandwidth to other machines on the 
grid. Machines should be configured and connected to facilitate recovery 
scenarios. Any critical databases or other data essential for keeping track of 
the jobs in the grid, members of the grid, and machines on the grid should 
have suitable backups. 

• Managing enrollment of donors and users : The administrator is responsible 
for controlling the rights of the users in the grid. Donor machines may have 
access rights that require management as well.. The rights of these grid user 
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IDs must be properly set so that grid jobs do not allow access to parts of the 
donor machine to which the users are not entitled. As users join the grid, their 
identity must be positively established and entered in the Certificate 
Authority. Further, procedures for removing users and machines must also be 
executed by the administrator. 

• Certificate Authority : It is critical to ensure the highest levels of security in a 
grid because the grid is designed to execute code and not just share data. 
Thus, viruses, Trojan horses, and other attacks cane affect the grid system. 
The Certificate Authority is one of the most important aspects of maintaining 
strong grid security. An organization may choose to use an external 
Certificate Authority or operate one itself. The primary responsibilities of a 
Certificate Authority are: 

o Positively identifying entities requesting certificates; 
o Issuing, removing, and archiving certificates; 
o Protecting the Certificate Authority server; 
o Maintaining a namespace of unique names for certificate owners; 
o Serving signed certificates to those needing to authenticate entities; and 
o Logging activity. 

• Resource Management : Another responsibility of the administrator is to 
manage the resources of the grid. This includes setting permissions for grid 
users to use the resources as well as tracking resource usage and 
implementing a corresponding accounting or billing system. Usage statistics 
are useful in identifying trends in an organization that may require the 
acquisition of additional hardware; reduction in excess hardware to reduce 
costs; and adjustments in priorities and policies to achieve better for attaining 
the overall goals of an organization etc. 

• Data sharing : For small grids, the sharing of data can be fairly easy, using 
existing networked file systems, databases, or standard data transfer 
protocols. As a grid grows and the users become dependent on any of the 
data storage repositories, the administrator should consider procedures to 
maintain backup copies and replicas to improve performance. All of the 
resource management concerns apply to data on the grid. 

(v) Application Areas of Grid Computing 

• Civil engineers collaborate to design, execute, & analyze shake table 
experiments. 

• An insurance company mines data from partner hospitals for fraud detection. 
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• An application service provider offloads excess load to a compute cycle 
provider. 

• An enterprise configures internal & external resources to support e-Business 
workload. 

• Large-scale science and engineering are done through the interaction of 
people, heterogeneous computing resources, information systems and 
instruments, all of which are geographically and organizationally dispersed. 

(vi) Grid Computing Security 

Grid systems and applications require standard security functions which are 

Authentication, Access Control, Integrity, Privacy, and No Repudiation. 

Authentication and access control issues are: 

• To provide authentication to verify the users, process which have user’s 
computation and resources used by the processes to authenticate 

• To allow local access control mechanisms to be used without change. 

To develop security architecture, following constraints are taken from the 

characteristics of grid environment and application. 

• Single Sicm-on : A user should authenticate once and they should be able to 
acquire resources, use them, and release them and to communicate internally 
without any further authentication. 

• Protection of Credentials : User passwords, private keys, etc. should be 
protected. 

• Interoperability with local security solutions : Access to local resources 
should have local security policy at a local level. Despite of modifying every 
local resource there is an inter-domain security server for providing security 
to local resource. 

• Exportability : The code should be exportable i.e. they cannot use a large 
amount of encryption at a time. There should be a minimum communication at 
a time. 

• Support for secure group communication : In a communication there are 
number of processes which coordinate their activities. This coordination must 
be secure and for this there is no such security policy. 

• Support for multiple implementations : There should be a security policy which 
should provide security to multiple sources based on public and private key 
cryptography. 


© The Institute of Chartered Accountants of India 






5.43 Information Technology 


5.7.3 Cloud Computing 

A detailed discussion on Cioud Computing, its architecture and Service Models has already 
been introduced in Chapter -2 “Information Systems and IT Fundamentals” of the Study 
Material of Intermediate (IPC) Course. However, an overview of Cloud Computing is again 
provided here. 

As already explained, Cloud Computing is the use of various services, such as software 
development platforms, servers, storage, and software, over the different networks, often 
referred to as the "cloud." 

Many cloud computing advancements are closely related to virtualization. The ability to pay 
on-demand and scale quickly is largely a result of cloud computing vendors being able to pool 
resources that may be divided among multiple clients. 

(i) Characteristics of Cloud Computing 

The following is a list of characteristics of a cloud-computing environment. Not all 
characteristics may be present in a specific cloud solution. However, some of the key 
characteristics are given as follows: 

♦ Elasticity and Scalability: Cloud computing gives us the ability to expand and reduce 
resources according to the specific service requirement. For example, we may need a 
large number of server resources for the duration of a specific task. We can then release 
these server resources after we complete our task. 

♦ Pay-per-Use: We pay for cloud services only when we use them, either for the short term 
(for example, for CPU time) or for a longer duration (for example, for cloud-based storage 
or vault services). 

♦ On-demand: Because we invoke cloud services only when we need them, they are not 
permanent parts of the IT infrastructure. This is a significant advantage for cloud use as 
opposed to internal IT services. With cloud services there is no need to have dedicated 
resources waiting to be used, as is the case with internal services. 

♦ Resiliency: The resiliency of a cloud service offering can completely isolate the failure of 
server and storage resources from cloud users. Work is migrated to a different physical 
resource in the cloud with or without user awareness and intervention. 

♦ Multi Tenancy: Public cloud service providers often can host the cloud services for 
multiple users within the same infrastructure. Server and storage isolation may be 
physical or virtual depending upon the specific user requirements. 

♦ Workload Movement: This characteristic is related to resiliency and cost considerations. 
Here, cloud-computing providers can migrate workloads across servers both inside the 
data center and across data centers (even in a different geographic area). This migration 
might be necessitated by cost (less expensive to run a workload in a data center in 
another country based on time of day or power requirements) or efficiency considerations 
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(for example, network bandwidth). A third reason could be regulatory considerations for 
certain types of workloads. 

(ii) Cloud Service Models 

Although Cloud Service Models (SaaS, PaaS, NaaS, CaaS and laaS) have already been 
discussed in Chapter - 2 “Information Systems and IT Fundamentals” of the Study Material; 
we shall here again discuss the common Cloud Computing Service Models - Software as a 
Service (SaaS), Platform as a Service (PaaS) or Infrastructure as a Service (laaS), as shown 
in Fig. 5.7.2. 

♦ Software as a Service (SaaS): SaaS features a complete application offered as a 
service on-demand. A service provider hosts the application at its data centre over the 
Internet and customer accesses it via a standard Web browser. For example, Google 
Apps. 

♦ Platform as a Service (PaaS): PaaS delivery model allows a customer to rent virtualized 
servers and associated services used to run existing applications, or to design, develop, 
test, deploy and host applications. The consumer may create software using tools and/or 
libraries from the provider. The consumer may also control software deployment and 
configuration settings. The provider provides the networks, servers, storage, and other 
services. For example, AppScale allows a user to deploy some applications written for 
Google App Engine to their own servers. 

♦ Infrastructure as a Service (laaS): laaS delivers computer infrastructure on an 
outsourced basis to support enterprise operations. Typically, laaS provides hardware, 
storage, servers and data centre space or network components; it may also include 
software. 
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(iii) Advantages of Cloud Computing 

If used properly and to the extent necessary, working with data in the cloud can vastly 
benefit all types of businesses. Mentioned below are some of the advantages of this 
technology: 

• Cost Efficient: Cloud computing is probably the most cost efficient method to use, 
maintain and upgrade. 

• Almost Unlimited Storage: Storing information in the cloud gives us almost 
unlimited storage capacity. 

• Backup and Recovery: Since all the data is stored in the cloud, backing it up and 
restoring the same is relatively much easier than storing the same on a physical 
device. Furthermore, most cloud service providers are usually competent enough to 
handle recovery of information. 

• Automatic Software Integration: In the cloud, software integration is usually 
something that occurs automatically. Not only that, cloud computing allows us to 
customize the options with great ease. Hence, we can handpick just those services 
and software applications that we think will best suit the particular enterprise. 

• Easy Access to Information: Once we register ourselves in the cloud, we can 
access the information from anywhere, where there is an Internet connection. 

• Quick Deployment: Once we opt for this method of functioning, the entire system 
can be fully functional in a matter of a few minutes. Of course, the amount of time 
taken here will depend on the exact kind of technology that we need for our 
business. 

(iv) Disadvantages of Cloud Computing 

In spite of its many benefits, as mentioned above, cloud computing also has its 
disadvantages. Businesses, especially smaller ones, need to be aware of these cons 
before going in for this technology. Major disadvantages are given as follows: 

• Technical Issues: This technology is always prone to outages and other technical 
issues. Even the best cloud service providers run into this kind of trouble, in spite of 
keeping up high standards of maintenance. We will invariably be stuck in case of 
network and connectivity problems. 

• Security in the Cloud: Surrendering all the company’s sensitive information to a 
third-party cloud service provider could potentially put the company to great risk. 

• Prone to Attack: Storing information in the cloud could make the company 
vulnerable to external hack attacks and threats. Nothing on the Internet is 
completely secure and hence, there is always the lurking possibility of stealth of 
sensitive data. 
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5.8 Summary 

Most of the enterprises processes are now automated whether they are in the private or public 
sector or government. Enterprises are increasingly relying on IT in all key areas. The 
profitability and the future viability of enterprises increasingly depend on the continued 
functioning of IT systems. Without them, there is often doubt if a company will survive. These 
IT systems also represent a considerable proportion of any company's capital budget. The 
emphasis of chapter has been to update students with the latest developments in technology. 
These developments have been happening through automations, delivery channels being 
changed with extensive use of emerging technologies such as cloud computing, mobile 
computing, Bl, etc. 

The first part of chapter discusses about business applications. The business applications can 
be used for varied business functions such as accounting, payroll, purchases, sales, etc. The 
chapter helps students to understand the importance of software applications to business. The 
second part is in continuation to the discussion of the part I. It deals with the Business 
Process Automation, which is a word used in businesses across the world. The chapter helps 
students to understand the nature and impact of business automation on businesses. It also 
gives thought to what-if, no automation is made. 

The next part of the chapter deals with Information Processing and Delivery channels. The 
chapter highlights the way businesses have been modified due to change in delivery channels. 
An updated discussion on latest trend in consumer behavior vis-a-vis technology adoption is 
there in the chapter. The business impact due to change in delivery channel is also discussed 
in the chapter with live examples. 

Application controls, discussed in the chapter shall help student to understand the nature of 
control and why they are needed in business. Controls are important for survival of any good 
business process. If an entity creates business process automation and does not properly 
control the same, it shall spell disaster for business. This section highlights this aspect of the 
business. 

The last part of the chapter deals with emerging technologies namely virtualization, grid 
computing and cloud computing. The objective of this section is to give brief overview of the 
technology as it is used and the benefits the society is getting from it. The best word to define 
these technologies is “social technologies’’. 
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Glossary 


A 

Analytical CRM: Customer relationship management applications dealing with the analysis of 
customer data to provide information for improving business performance. 

Android: Android is a Linux-based operating system designed primarily for touch screen 
mobile devices such as smart phones and tablet computers. 

Application Program Interface (API): The specific method prescribed by a 

computeroperating system or by an application program by which a programmer writing an 
application program can make requests of the operating system or another application 

Application Service Provider (ASP): Company providing software that can be rented by 
other companies over the Web or a private network. 

Application Software Package: A set of prewritten, precoded application software programs 
that are commercially available for sale or lease. 

Artificial Intelligence (Al): The effort to develop computer-based systems that can behave 
like humans, with the ability to learn languages, accomplish physical tasks, use a perceptual 
apparatus, and emulate human expertise and decision making. 

Asynchronous Transfer Mode (ATM): A networking technology that parcels information into 
8-byte cells, allowing data to be transmitted between computers from different vendors at any 
speed. 

B 

Bandwidth: The capacity of a communications channel as measured by the difference 
between the highest and lowest frequencies that can be transmitted by that channel. 

Best Business Practices: It must have a collection of the best business processes applicable 
worldwide. And IT package imposes its own logic on a company’s strategy, culture and 
organization. 

Beyond The Company: It should not be confined to the organizational boundaries, rather 
support the on-line connectivity to the other business entities of the organization. 

Blocking: a process preventing the transfer of a specified amount of funds or a specified 
quantity of a security. 

Bluetooth: Bluetooth is a wireless technology standard for exchanging data over short 
distances up to 50 meters (164 feet) from fixed and mobile devices, creating Personal Area 
Networks (PANs) with high levels of security. It is a feature which is used every day through a 
number of compatible devices. 
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BPM lifecycle: It is a generic process optimization methodology defined explicitly for business 
processes. It provides a high level approach from a phased perspective without prescribing 
specific techniques such as those found in Six Sigma or Lean. 

Business Process Automation (BPA): Removing the human element from existing business 
processes by automating the repetitive or standardized process components. 

Business Process Management (BPM): The methodology used by enterprises to improve 
end-to-end business processes. 

Business Process Management: Business Process Management (BPM) is the methodology 
used by enterprises to improve end-to-end business processes in five stages namely: design, 
modeling, execution, monitoring and optimization. 

Business Process Re-engineering (BPR): It can be defined as the search for, and 
implementation of, radical change in business processes to achieve breakthrough 
improvements in products and services. 

Business Processes: The unique ways in which organizations coordinate and organize work 
activities, information, and knowledge to produce a product or service. 

Business-To-Business (B2B) electronic commerce: Electronic sales of goods and services 
among businesses. 

Business-To-Consumer (B2C) electronic commerce: Electronic retailing of products and 
services directly to individual consumers. 

c 

Cache Memory: It is a memory that lies in the path between the processor and the RAM, 
which a computer microprocessor can access more quickly than it can access regular RAM. 

Card (payment card): A device that can be used by its holder to pay for goods and services 
or to withdraw money. 

Cellular Phone System: A radio communications technology that divides a metropolitan area 
into a honeycomb of ceils to greatly increase the number of frequencies and thus the users 
that can take advantage of mobile phone service. 

Central Processing Unit (CPU): The brain of the computer, is the actual hardware that 
interprets and executes the program instructions and coordinates how all the other hardware 
devices work together. 

Client/Server Networks: A computing environment where end user workstations (clients) are 
connected to micro or mini LAN (servers) or possibly to a mainframe (super server). 

Cloud Computing: A type of computing, comparable to grid computing that relies on sharing 
computing resources rather than having local servers or personal devices to handle 
applications, involves delivering hosted services over the Internet. 

Coaxial Cable: A sturdy copper or aluminium wire wrapped with spacers to insulate and 
protect it. Groups of coaxial cables may be bundled together in a bigger cable for ease of 
installation. 
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Communications Satellites: Earth satellites placed in stationary orbits above the equator 
that serve as relay stations for communications signals transmitted from earth stations. 

Computer Network: A collection of computers and other hardware interconnected by 
communication channels that allow sharing of resources and information. 

Customer Relationship Management Systems: Information systems that track all the ways 
in which a company interacts with its customers and analyze these interactions to optimize 
revenue, profitability, customer satisfaction, and customer retention. 

Customization: The modification of a software package to meet an organization's unique 
requirements without destroying the package software's integrity. 

D 

Data Base Management Systems (DBMS): Software that aid in organizing, controlling and 
using the data needed by the application programme. 

Data Logging: Recording of all data generated by a device, or the data passing through a 
particular point in a networked computer System. 

Database Model: A type of data model that determines the logical structure of a database and 
fundamentally determines in which manner data can be stored, organized, and manipulated. 

Decision-Support Systems (DSS): Information systems at the organization's management 
level that combine data and sophisticated analytical models or data analysis tools to support 
semi structured and unstructured decision making. 

Downsizing: Moving to smaller computing platforms, such as from mainframe systems to 
networks of personal computers and servers. 

E 

Electronic Business (E-business): The use of the Internet and digital technology to execute 
all the business processes in the enterprise. Includes e-commerce as well as processes for 
the internal management of the firm and for coordination with suppliers and other business 
partners. 

Electronic Commerce Server Software: Software that provides functions essential for 
running e-commerce Web sites, such as setting up electronic catalogs and storefronts, and 
mechanisms for processing customer purchases. 

Electronic Commerce: The process of buying and selling goods and services electronically 
involving transactions using the Internet, networks, and other digital technologies. 

Electronic Data Interchange (EDI): The direct computer-to-computer exchange between two 
organizations of standard business transaction documents. 

Electronic Mail (e-mail): The computer-to-computer exchange of messages. 

Enterprise Application Integration (EAI) software: Software that works with specific 
software platforms to tie together multiple applications to support enterprise integration. 
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Enterprise Networking: An arrangement of the organization's hardware, software, network, 
and data resources to put more computing power on the desktop and create a company-wide 
network linking many smaller networks. 

Enterprise Portal: Web interface providing a single entry point for accessing organizational 
information and services, including information from various enterprise applications and in- 
house legacy systems so that information appears to be coming from a single source. 

Enterprise Software: Set of integrated modules for applications such as sales and 
distribution, financial accounting, investment management, materials management, production 
planning, plant maintenance, and human resources that allow data to be used by multiple 
functions and business processes. 

Enterprise Systems: Integrated enterprise-wide information systems that coordinate key 
internal processes of the firm. 

ERP: It is business management software that allows an organization to use a system of 
integrated applications to manage the business. 

Extranets: A network that links selected resources of the intranet of a company with its 
customers, suppliers, and other business partners, using the Internet or private networks to 
link the organizations’ intranets. 

F 

Fiber optics: The technology that uses cables consisting of very thin filaments of glass fibers 
that can conduct the light generated by laser at frequencies that approach the speed of light. 

Flexibility: An IT system should be flexible to respond to the changing needs of an enterprise. 
The client server technology enables IT to run across various database back ends through 
Open Database Connectivity (ODBC). 

I 

Information technology (IT): Any computer-based tool that people use to work with 
information and support the information and information-processing needs of an enterprise. 

Instruction Set Architecture (ISA): It is the abstract model of a computing system that is 
seen by a machine language programmer, including the instruction set, memory address 
modes, processor registers, and address and data formats. 

Internet Technologies: The Internet and its technologies are being used to build 
interconnected enterprises and global networks, like intranets and extranets that form 
information superhighways to support enterprise collaboration, electronic commerce, and 
internal business applications. 

Internetwork Processors: Internetwork processors such as bridges, routers, hubs, or 
gateways to other LANs or wide area networks interconnect many LANs. 

Intranets: Open, secure Internet-like networks within organizations. 


© The Institute of Chartered Accountants of India 




VII 


Information Technology 


K 

Knowledge Management: The set of processes developed in an organization to create, 
gather, store, maintain, and disseminate the firm's knowledge. 

Knowledge Management Systems: Systems that support the creation, capture, storage, and 
dissemination of firm expertise and knowledge. 

L 

Legacy Systems: The older, traditional mainframe-based business information systems of an 
organization. 

Local Area Network (LAN): A communications network that typically connects computers, 
terminals, and other computerized devices within a limited physical area such as an office, 
building, manufacturing plant, or other work site. 

M 

Management Information Systems (MIS): The study of information systems focusing on their 
use in business and management. 

Metadata: Metadata (meta-content) are defined as the data providing information about one or 
more aspects of the data. 

Micro architecture: It is a term used to describe the resources and methods used to achieve 
architecture specification. 

MIS (Management Information Systems): It is a general term for the computer systems in an 
enterprise that provide information about its business operations. It's also used to refer to the 
people who manage these systems. 

Mobile Computing: It is a technology that allows transmission of data, voice and video via a 
computer or any other wireless enabled device without having to be connected to a fixed 
physical link. 

Modem (Modulation - DEModulation): A device that converts the digital signals from 
input/output devices into appropriate frequencies at a transmission terminal and converts them 
back into digital signals at a receiving terminal. 

Multiplexer: An electronic device that allows a single communications channel to carry 
simultaneous data transmissions from many terminals. 

N 

Network Architectures - OSI: The International Standards Organization (ISO) has developed 
a seven-layer Open Systems Interconnection (OSI) to serve as a standard model for network 
architectures in order to promote an open, simple, flexible, and efficient telecommunications 
environment. 
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Network Architectures - TCP/IP: The Internet’s protocol suite is called Transmission Control 
Protocol/Internet Protocol (TCP/IP). TCP/IP consists of five levels of protocols that can be 
related to the seven layers of the OSI architecture. TCP/IP is used by the Internet and all 
intranets and extranets. 

Network Computing: A network-centric view of computing in which “the network is the 
computer,” that is, the view that computer networks are the central computing resource of any 
computing environment. 

Network Operating System: A network operating system is a program that is used to control 
telecommunications and the use of and sharing of network resources. 

Network Server: LANs use a powerful microcomputer with a large disk capacity as a file 
server or network server. The server handles resource sharing and telecommunications. 

0 

OLAP: Online Analytical Processing: is a multi-dimensional analytical tool typically used in 
data mining, that gathers and process vast amounts of information into useful packets. 

Open Systems: Model of network protocols enabling any computer connected to a network to 
communicate with any other computer on the same network or a different network, regardless 
of the manufacturer. 

Operating System (OS): A set of computer programs that manages computer hardware 
resources and acts as an interface with computer applications programs. 

Operating System Software: An operating system (OS) Software is a set of computer 
programs that manages computer hardware resources and acts as an interface with computer 
applications programs. The operating system is a vital component of the system software in a 
computer system. 

P 

Peer-to-Peer Networks (P2P): Computing environments where end user computers connect, 
communicate, and collaborate directly with each other via the Internet or other 
telecommunications network links. 

Protocol: A set of rules and procedures for the control of communications in a communication 
network. 

R 

Radical Redesign: This means getting down to the fundamental - where necessary throwing 
away the old, out of date rules - and recognizing that quality and innovation are more 
important to profit than cost. 

Random Access Memory (RAM): It is the Short term Memory in a computer where the 
operating system, application programs, and data in current use are kept so that they can be 
quickly reached by the computer's CPU. 
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Read Only Memory (ROM): It is computer memory containing data that normally can only be 
read, not written to, usually used by manufacturers. 

Re-engineering: It is the fundamental rethinking and radical redesign of business processes 
to achieve dramatic improvements in critical, contemporary measures of performance, such as 
cost, quality, service and speed. 

Register: It is one of a small set of data holding places (memory) that are part of a central 
Processing unit (CPU). 

Routing: Refers to the process of deciding on how to communicate the data from source to 
destination, in a network. 

s 

Scalability: scalability is the ability of a system, network, or process to handle a growing 
amount of work in a capable manner or its ability to be enlarged to accommodate that growth. 

Server (Client-Server Architecture): It is a computer program running to serve the requests 
of other programs, the "clients". 

Server (Hardware): It is a device on a network dedicated to run one or more services (as a 
host), to serve the needs of the users of other computers on a network. 

Smartphone: It is a mobile phone built on a mobile operating system, with more advanced 
computing capability connectivity than a feature phone. 

Software as a Service (SaaS): A software delivery method that provides access to software 
and its functions remotely as a Web-based service. 

System flowchart: A tool for documenting a physical system in which each component is 
represented by a symbol that visually suggests its function. 

System Software: A computer software that is designed to operate the computer hardware 
and to give and maintain a platform for running application software. 

Systems Development Life Cycle (SDLC): It is a conceptual model used in project 
management that describes the stages involved in an information system development project, 
from an initial feasibility study through maintenance of the completed application. 

T 

Tablet: It is a one piece general-purpose computer contained in a single panel. Its 
distinguishing characteristic is the use of a touch screen as the input device. 

Telecommunications Channels: Telecommunications channels are the part of a 
telecommunications network that connects the message source with the message receiver. It 
includes the physical equipment used to connect one location to another for the purpose of 
transmitting and receiving information. 
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Telecommunications Media: Telecommunications media are the physical media used by 
telecommunications channels. They include, twisted- pair wire, coaxial cables, fiber optic 
cables, terrestrial microwave, communications satellite, cellular, and infrared systems. 

Telecommunications Network Components: Telecommunications components include 
terminals, telecommunications processors, telecommunications channels and media, 
computers, and telecommunications control software. 

Telecommunications Processors: Multiplexers, concentrators, communications controllers, 
and cluster controllers that allow a communications channel to carry simultaneous data 
transmissions from many terminals. They may also perform error monitoring, diagnostics and 
correction, modulation-demodulation, data compression, data coding and decoding, message 
switching, port contention, and buffer storage. 

Telecommunications Software: Telecommunications software, including network operating 
systems, telecommunications monitors, web browsers, and middleware, control and support 
the communications activity in a telecommunications network. 

Touchpad: A touchpad is a pointing device featuring a tactile sensor, a specialized surface 
that can translate the motion and position of a user's fingers to a relative position on screen. 

Transaction Processing Systems (TPS): Computerized systems that perform and record the 
daily routine transactions necessary to conduct the business; they serve the organization's 
operational level. 

V 


Virtual Memory: It is an allocation of hard disk space to help RAM. Virtual memory combines 
computer’s RAM with temporary space on the hard disk. 

Virtual Organization: Organization using networks to link people, assets and ideas to create 
and distribute products and services without being limited to traditional organizational 
boundaries or physical location. 

Virtual Private Network: A secure network that uses the Internet as its main backbone 
network to connect the intranets of a company’s different locations or to establish extranet 
links between a company and its customers, suppliers, or other business partners. 

Virtualization: Virtualization is the creation of a virtual (rather than actual) version of 
something, such as an operating system, a server, a storage device or network resources. 

w 

Wide Area Network (WAN): A data communications network covering, a large geographic 
area. 

Wi-Fi: It is the name of a popular wireless networking technology that uses radio waves to 
provide wireless high-speed Internet and network connections. Wi-Fi networks have limited 
range. 
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problem 
(containing 
the error) as 
per the 
publication 

Suggested 

Correction 


Typographical/ 

Printing/ 

Computational/ 

Conceptual/ 

Updation 




















(10) 

Do you feel that the publication can be made more value additive? If so, please give your 
specific suggestions. 




Note: Use separate sheet, if necessary. You are also encouraged to send your response by e-mail at 
feedbackbos@icai.in 


Please send feedback form to: 

Director, Board of Studies 

The Institute of Chartered Accountants of India 

A-29, Sector-62, Noida- 201 309. 
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